Solved

VERY STRANGE Image Size behavior (when PHP script sends image to browser)

Posted on 2003-11-24
6
244 Views
Last Modified: 2008-03-17
I'm using a PHP Script to read a file from outside of the document root, and sends it to the browser.

The problem is that I.E. Does not correctly "understand" the size fo the image (when I right click and select properties it says "Not Specified".  

I've tracked this down to the fact that I am calling session_start() before sending the image.  As a result, the session cookie is sent to the browser before the image data and when this happens, i.e. doesn't correctly understand the image size (for some bizarr reason).

At any rate, if I simply comment out this line, the image works EXACTLY as though it's accessed directly (not through the script).  The problem is that I need data from the session to determine which image to show.

So - my question is:

1) Is there any way to access the session data without sending a session cookie to the browser (just from my "picture" script).

2) Does anyone understand why this causes a problem in I.E. and is there any other way around it?

Thank you in advance for any help you can provide.  The script is included below:

picture.php:
            session_start();
            $filename = "/tmp/files/" . $_SESSION['filename'];
            header("Accept-Ranges: bytes");
            header("Content-Length: " . filesize($filename));
            header("Connection: close");
            header("Content-Disposition: inline; filename=" . $_SESSION['filename']);
            header("Content-Type: image/gif");
            $fd = fopen ($filename, "r");
            echo fread ($fd, filesize ($filename));
            fclose ($fd);


Again - All I have to do is just // session_start() and everything works PERFECTLY.  

Thoughts?
0
Comment
Question by:kalliopi
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:ashoooo
ID: 9813419
Can you wrap your image in an HTML file? for eg...

picture.php:
          session_start();
          <html><head></head>
          <body><img src="pictureGen.php?name=<?php echo$_SESSION[filename]; ?>"></body></html>


pictureGen.php:
          $filename = "/tmp/files/" . $_GET['filename'];   // $_SESSION['filename'] has been changed to $_GET['name']
          header("Accept-Ranges: bytes");
          header("Content-Length: " . filesize($filename));
          header("Connection: close");
          header("Content-Disposition: inline; filename=" . $_GET['name']);
          header("Content-Type: image/gif");
          $fd = fopen ($filename, "r");
          echo fread ($fd, filesize ($filename));
          fclose ($fd);

This is just a workaround...
0
 
LVL 6

Author Comment

by:kalliopi
ID: 9813799
Thanks for the input.  I probably should have been more clear.  The whole reason for needing the session data is for security purposes.  I don't want to have to pass the filename to the file for security purposes.  The session looks up the filename in a database and verifies that the user who's logged in (also tracked in the session) has access to that file.  If I pass the filename and just print whatever's passed, the security would be lost and the person viewing the picture would be able to look at any file in the /tmp/files directory.  Does that make sense?  

It seems like I should be able to READ the session data (from a particular script) without sending the session cookie data back to the client (just from that one script).  I just don't know how to do that.  I've tried working with output buffering, and then clearning the output buffer right before sending the image data but unfortunately, output buffering does not appear to effect header data...

Thoughts?
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9813914
Hmmm,

The cookie should be already on the client, and you shouldn't have to send it again, so all you want to do is read the cookie, and not resend it.

One possible workaround would be to tell sessions in that particular file not to use cookies. You might then have to copy the data from $_COOKIE to $_GET(or $_REQUEST), to fool PHP  into thinking that the SID had come from a GET(or POST) variable, and not the cookie, before calling session_start().

Let us know if it works.
0
Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 6

Author Comment

by:kalliopi
ID: 9814508
aolXFT - this looks promising and I played around a little bit with turning cookies off for that specific file, but I couldn't figure it out specifically.

Can you be a little bit more explicit?
0
 
LVL 6

Accepted Solution

by:
aolXFT earned 250 total points
ID: 9827385
I haven't much time right now, but try

ini_set('session.use_cookies', 0);
session_start();


0
 
LVL 6

Author Comment

by:kalliopi
ID: 9827861
Thank you aolXFT - that was perfect.  It did EXACTLY what I wanted.  I actually had to also add ini_set('session.cache_limiter', ''); as well, but you certainly pointed me in the right directly.  

That's AWESOME.  Thank you.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question